virus problem with cubecart

April 4, 2005

Please help,

I have been having a problem with an annoying virus. When I go to my cubecart store, Norton Antivirus pops up with a message indicating the "backdoor.trojan" virus was deleted. Then the next thing I know my Internet Explorer homepage has been changed to "hotoffers" and there is no way to change it back! I have restored/recovered my system twice because the virus is too hard to get rid of. I've found that if I stay away from my store or set my IE security settings to "high" I don't have the problem. However, with the settings on high, my store doesn't work properly or at all. I either get a 404 error or blank page or sometimes one of my pages will come up as it is supposed to but after a few clicks I get the 404 error again.

Has anyone else had a similar problem? My host is atomic-hosting.net. Perhaps the problem is on their end. Still, any thoughts would be greatly appreciated.

hired_goon

April 4, 2005

I did have a similar prob a few years ago on one of my old homepages. What u need to do is check every file in your store home directory (my 1st guess is header.inc.php or index.php) and look for some unusuall coding and delete it....

hope this will work for you as it did for me.

Mobie

roban · April 4, 2005

Download the freeware hijackthis and run a system scan.

November 8, 2007

I have the same problem right now. Has anyone found a fix for this issue? How can this prevented in the future? */*

November 8, 2007

I have the same problem right now. Has anyone found a fix for this issue? How can this prevented in the future?

I think I just found the problem in my Index.php file. Look at the bottom - the JS lines. The original index.php file did not contain those lines. I have also updated to version CC 3.16. I was wondering if the trojan had a JS script portion hidden somwhere. I will look and update the topic.

<?php

/*

+--------------------------------------------------------------------------

| CubeCart v3.0.15

| ========================================

| by Alistair Brookbanks

| CubeCart is a Trade Mark of Devellion Limited

| Devellion Limited,

| 22 Thomas Heskin Court,

| Station Road,

| Bishops Stortford,

| HERTFORDSHIRE.

| CM23 3EE

| UNITED KINGDOM

| http://www.devellion.com

| UK Private Limited Company No. 5323904

| ========================================

| Web: http://www.cubecart.com

| Date: Thursday, 4th January 2007

| Email: sales (at) cubecart (dot) com

| License Type: CubeCart is NOT Open Source Software and Limitations Apply

| Licence Info: http://www.cubecart.com/site/faq/license.php

+--------------------------------------------------------------------------

| index.php

| ========================================

| Main pages of the store

+--------------------------------------------------------------------------

*/

include_once("includes/ini.inc.php");

// INCLUDE CORE VARIABLES & FUNCTIONS

include_once("includes/global.inc.php");

// check if installed

if($glob['installed']==0){

header("location: install/index.php");

exit;

} elseif((file_exists($glob['rootDir']."/install/index.php") || file_exists($glob['rootDir']."/upgrade.php") && $glob['installed']==1)){

echo "<strong>WARNING</strong> - Your store will not function until the install directory and/or upgrade.php is deleted from the server.";

exit;

}

// initiate db class

include_once("classes/db.inc.php");

$db = new db();

include_once("includes/functions.inc.php");

$config = fetchDbConfig("config");

include_once("includes/sessionStart.inc.php");

include_once("includes/sslSwitch.inc.php");

// get session data

include_once("includes/session.inc.php");

// get exchange rates etc

include_once("includes/currencyVars.inc.php");

$lang_folder = "";

if(empty($ccUserData[0]['lang'])){

$lang_folder = $config['defaultLang'];

} else {

$lang_folder = $ccUserData[0]['lang'];

}

include_once("language/".$lang_folder."/lang.inc.php");

// require template class

include_once("classes/xtpl.php");

$body = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/global/index.tpl");

if(isset($_GET['searchStr'])){

$body->assign("SEARCHSTR",treatGet($_GET['searchStr']));

} else {

$body->assign("SEARCHSTR","");

}

$body->assign("CURRENCY_VER",$currencyVer);

$body->assign("VAL_ISO",$charsetIso);

$body->assign("VAL_SKIN",$config['skinDir']);

// START MAIN CONTENT

if(isset($_GET['act'])){

switch (treatGet($_GET['act'])) {

case "viewDoc":

include("includes/content/viewDoc.inc.php");